TuneFactor uses your music tastes to present a 2-factor authentication challenge that only you can pass when logging in to online accounts like your bank. It takes 2-factor authentication to the next level - authenticating a user based on their behaviour, rather than a simple password or code from a text message or app.
How it works
- The user enters their username and password like normal.
- TuneFactor comes up with 4 songs for the user to rank in order of preference.
- It determines whether the user is genuine or not by presenting up to 3 more challenges.
- The real user is logged in based on their music taste.
How we compare
|tough to hack||✓||✓|
|tough to steal||✗||✓|
|no second device required||✗||✓|
Under the bonnet
- The user has to links their account with Spotify (the algorithm is easily extensible to other music sources and datasets too).
- Tunefactor picks four songs and tries to predict the order the user will rank them in. The user then ranks the songs.
- The program calculates a probability of how likely the user is to be who they say they are. This probability is determined by the user's ranking of the songs.
- If the probability is judged insufficient by the program, the user is asked to rank some more songs and step 3 repeats up to three more times.
- If the probability is high enough, the user is logged in.
- If the probability is too low or there have been too many attempts, the user is locked out.